https://github.com/python/cpython/commit/8133285c139c88d432587480c82a5872e163e87c
commit: 8133285c139c88d432587480c82a5872e163e87c
branch: 3.11
author: Seth Michael Larson <[email protected]>
committer: gpshead <[email protected]>
date: 2024-04-23T12:28:50-07:00
summary:

[3.11] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) (#118185)

Upgrade libexpat to 2.6.2
(cherry picked from commit c9829eec0883a8991ea4d319d965e123a3cf6c20)

files:
A Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst
M Modules/expat/expat.h
M Modules/expat/internal.h
M Modules/expat/xmlparse.c

diff --git a/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst b/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst
new file mode 100644
index 00000000000000..12a41948066bed
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst
@@ -0,0 +1 @@
+Update bundled libexpat to 2.6.2
diff --git a/Modules/expat/expat.h b/Modules/expat/expat.h
index 95464b0dd17735..c2770be3897e58 100644
--- a/Modules/expat/expat.h
+++ b/Modules/expat/expat.h
@@ -18,6 +18,7 @@
    Copyright (c) 2022      Thijs Schreijer <[email protected]>
    Copyright (c) 2023      Hanno Böck <[email protected]>
    Copyright (c) 2023      Sony Corporation / Snild Dolkow <[email protected]>
+   Copyright (c) 2024      Taichi Haradaguchi <[email protected]>
    Licensed under the MIT license:
 
    Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -1042,7 +1043,7 @@ typedef struct {
 XMLPARSEAPI(const XML_Feature *)
 XML_GetFeatureList(void);
 
-#if XML_GE == 1
+#if defined(XML_DTD) || (defined(XML_GE) && XML_GE == 1)
 /* Added in Expat 2.4.0 for XML_DTD defined and
  * added in Expat 2.6.0 for XML_GE == 1. */
 XMLPARSEAPI(XML_Bool)
@@ -1065,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
 */
 #define XML_MAJOR_VERSION 2
 #define XML_MINOR_VERSION 6
-#define XML_MICRO_VERSION 0
+#define XML_MICRO_VERSION 2
 
 #ifdef __cplusplus
 }
diff --git a/Modules/expat/internal.h b/Modules/expat/internal.h
index cce71e4c5164b5..167ec36804a43b 100644
--- a/Modules/expat/internal.h
+++ b/Modules/expat/internal.h
@@ -28,10 +28,11 @@
    Copyright (c) 2002-2003 Fred L. Drake, Jr. <[email protected]>
    Copyright (c) 2002-2006 Karl Waclawek <[email protected]>
    Copyright (c) 2003      Greg Stein <[email protected]>
-   Copyright (c) 2016-2023 Sebastian Pipping <[email protected]>
+   Copyright (c) 2016-2024 Sebastian Pipping <[email protected]>
    Copyright (c) 2018      Yury Gribov <[email protected]>
    Copyright (c) 2019      David Loffredo <[email protected]>
-   Copyright (c) 2023      Sony Corporation / Snild Dolkow <[email protected]>
+   Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <[email protected]>
+   Copyright (c) 2024      Taichi Haradaguchi <[email protected]>
    Licensed under the MIT license:
 
    Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -155,14 +156,20 @@ extern "C" {
 void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
                                                 const char **fromLimRef);
 
-#if XML_GE == 1
+#if defined(XML_GE) && XML_GE == 1
 unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
 unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
 const char *unsignedCharToPrintable(unsigned char c);
 #endif
 
-extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
-extern unsigned int g_parseAttempts;             // used for testing only
+extern
+#if ! defined(XML_TESTING)
+    const
+#endif
+    XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
+#if defined(XML_TESTING)
+extern unsigned int g_bytesScanned; // used for testing only
+#endif
 
 #ifdef __cplusplus
 }
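Review bot: The `const` on `g_reparseDeferralEnabledDefault` now depends on `XML_TESTING`, so this declaration and the definition in the xmlparse.c hunk at `@@ -629,8 +629,14 @@` only agree when every translation unit that includes internal.h is compiled with the same `XML_TESTING` setting as xmlparse.c, and nothing in the header says so. I would add a comment above the declaration such as `/* const unless XML_TESTING is defined; all files including this header must be built with the same XML_TESTING setting as xmlparse.c */`. The trailing `// written ONLY in runtests.c` is then true of test builds only and could say that. Keeping the flag read-only outside test builds is worth preserving in future syncs, because the name suggests it sets the default for reparse deferral.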
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index aaf0fa9c8f96d1..2951fec70c56cb 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -1,4 +1,4 @@
-/* 628e24d4966bedbd4800f6ed128d06d29703765b4bce12d3b7f099f90f842fc9 (2.6.0+)
+/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+)
                             __  __            _
                          ___\ \/ /_ __   __ _| |_
                         / _ \\  /| '_ \ / _` | __|
@@ -38,7 +38,7 @@
    Copyright (c) 2022      Jann Horn <[email protected]>
    Copyright (c) 2022      Sean McBride <[email protected]>
    Copyright (c) 2023      Owain Davies <[email protected]>
-   Copyright (c) 2023      Sony Corporation / Snild Dolkow <[email protected]>
+   Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <[email protected]>
    Licensed under the MIT license:
 
    Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -210,7 +210,7 @@ typedef char ICHAR;
 #endif
 
 /* Round up n to be a multiple of sz, where sz is a power of 2. */
-#define ROUND_UP(n, sz) (((n) + ((sz)-1)) & ~((sz)-1))
+#define ROUND_UP(n, sz) (((n) + ((sz) - 1)) & ~((sz) - 1))
 
 /* Do safe (NULL-aware) pointer arithmetic */
 #define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0)
@@ -248,7 +248,7 @@ static void copy_salt_to_sipkey(XML_Parser parser, struct sipkey *key);
    it odd, since odd numbers are always relative prime to a power of 2.
 */
 #define SECOND_HASH(hash, mask, power)                                         \
-  ((((hash) & ~(mask)) >> ((power)-1)) & ((mask) >> 2))
+  ((((hash) & ~(mask)) >> ((power) - 1)) & ((mask) >> 2))
 #define PROBE_STEP(hash, mask, power)                                          \
   ((unsigned char)((SECOND_HASH(hash, mask, power)) | 1))
 
@@ -629,8 +629,14 @@ static unsigned long getDebugLevel(const char *variableName,
       ? 0                                                                      \
       : ((*((pool)->ptr)++ = c), 1))
 
-XML_Bool g_reparseDeferralEnabledDefault = XML_TRUE; // write ONLY in runtests.c
-unsigned int g_parseAttempts = 0;                    // used for testing only
+#if ! defined(XML_TESTING)
+const
+#endif
+    XML_Bool g_reparseDeferralEnabledDefault
+    = XML_TRUE; // write ONLY in runtests.c
+#if defined(XML_TESTING)
+unsigned int g_bytesScanned = 0; // used for testing only
+#endif
 
 struct XML_ParserStruct {
   /* The first member must be m_userData so that the XML_GetUserData
@@ -1017,7 +1023,9 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
       return XML_ERROR_NONE;
     }
   }
-  g_parseAttempts += 1;
+#if defined(XML_TESTING)
+  g_bytesScanned += (unsigned)have_now;
+#endif
   const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr);
   if (ret == XML_ERROR_NONE) {
     // if we consumed nothing, remember what we had on this parse attempt.
@@ -6232,7 +6240,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
           dtd->keepProcessing = dtd->standalone;
           goto endEntityValue;
         }
-        if (entity->open) {
+        if (entity->open || (entity == parser->m_declEntity)) {
           if (enc == parser->m_encoding)
             parser->m_eventPtr = entityTextPtr;
           result = XML_ERROR_RECURSIVE_ENTITY_REF;
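Review bot: The added `entity == parser->m_declEntity` test in the `if` carries no comment, and the reason it is needed next to `entity->open` cannot be read from the condition itself. Presumably the entity whose value is being stored is not yet marked open, so a reference to itself inside its own value would otherwise slip past the recursion check; a comment such as `/* the entity being declared is not marked open yet, so catch a direct self-reference here */` above the `if` would record that. The file list of this commit contains no test change, so a pyexpat-level test that expects a recursive-entity error for such a declaration would pin the behaviour across future libexpat syncs. storeEntityValue starts and ends outside the hunk.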
@@ -7779,6 +7787,8 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
 
 static float
 accountingGetCurrentAmplification(XML_Parser rootParser) {
+  //                                          1.........1.........12 => 22
+  const size_t lenOfShortestInclude = sizeof("<!ENTITY a SYSTEM 'b'>") - 1;
   const XmlBigCount countBytesOutput
       = rootParser->m_accounting.countBytesDirect
         + rootParser->m_accounting.countBytesIndirect;
@@ -7786,7 +7796,9 @@ accountingGetCurrentAmplification(XML_Parser rootParser) {
       = rootParser->m_accounting.countBytesDirect
             ? (countBytesOutput
                / (float)(rootParser->m_accounting.countBytesDirect))
-            : 1.0f;
+            : ((lenOfShortestInclude
+                + rootParser->m_accounting.countBytesIndirect)
+               / (float)lenOfShortestInclude);
   assert(! rootParser->m_parentParser);
   return amplificationFactor;
 }
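Review bot: The fallback branch for `countBytesDirect == 0` now divides by `lenOfShortestInclude`, but the only explanation is the column-ruler comment `1.........1.........12 => 22` in the preceding hunk (`@@ -7779,6 +7787,8 @@`), which documents the value 22 and not why it is the baseline. The old `1.0f` meant that a parser with no direct bytes reported no amplification however many indirect bytes it had counted, so a ratio-based limit presumably could not trigger in that case; a comment should say that, e.g. `/* no direct input counted: measure indirect bytes against the shortest declaration that can include an external entity */`. Both operands are integers summed before the `(float)` division, as in the branch above, so precision at very large counts is unchanged by this commit. The line declaring `amplificationFactor` sits between the two hunks and is not shown.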
